CVE-2026-11789

4.9 MEDIUM

A flaw was found in 389 Directory Server

Published: 2026-06-09 · Last updated: 2026-06-09

Severity and scoring

CVSS: 4.9 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-191

Description

A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication.

Source: NVD

References

Related CVEs

Same CWE

CVE-2026-42542 — TDengine is an open source, time-series database optimized for Internet of Things devices (7.5 HIGH)
CVE-2026-42326 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.1 MEDIUM)
CVE-2026-45469 — Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally (7.8 HIGH)
CVE-2026-45463 — Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally (8.4 HIGH)
CVE-2026-42981 — Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network (8.1 HIGH)